Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[doc] Document urlDecode=false implies alwaysUseFullPath=true [SPR-15643] #20202

Closed
spring-issuemaster opened this issue Jun 8, 2017 · 3 comments

Comments

Projects
None yet
2 participants
@spring-issuemaster
Copy link
Collaborator

commented Jun 8, 2017

Mike Noordermeer opened SPR-15643 and commented

#15727 made some changes to the URL processing, which seem to work for most of the cases, but not for 1 specific case: encoded backslashes in paths.

I have a DispatcherServlet mapped to /, and am using a UrlPathHelper with urlDecode set to false. When I issue a request to /testcontroller/test%5Ctest, this is mapped to /testcontroller/test/test instead of /testcontroller/test\test. This is because Tomcat rewrites the %5C to / in the servlet path.

I should probably set alwaysUseFullPath, but maybe this can be fixed by rewriting backslashes to forward slashes in getPathWithinServletMapping() as well?

P.S., Tomcat is running with the options necessary to support %5C in url's (org.apache.catalina.connector. CoyoteAdapter.ALLOW_BACKSLASH and org.apache.tomcat.util.buf. UDecoder.ALLOW_ENCODED_SLASH).


Affects: 4.3.8

Issue Links:

  • #15727 URLs containing %2F (forward slash) are not mapped correctly to @RequestMapping methods

Referenced from: commits e37af83

@spring-issuemaster

This comment has been minimized.

Copy link
Collaborator Author

commented Jun 13, 2017

Rossen Stoyanchev commented

What would we re-write actually, the "pathWithinApp"? That should be encoded at that point (it's based on HttpServletRequest#getRequestURI) but we're trying to compare it to the "servetPath" which is decoded. So unless I'm missing something obvious the use of urlDecode=false is incompatible with alwaysUseFullPath=false.

We're making some changes on the WebFlux side (see #20207) that may help on the Spring MVC side as well. So I'm setting for RC3. In the very least we need to better document the use of urlDecode=false or hopefully ew can improve it.

@spring-issuemaster

This comment has been minimized.

Copy link
Collaborator Author

commented Jun 14, 2017

Mike Noordermeer commented

I think the only problem remaining is that Tomcat rewrites an encoded backslash to a slash. So this line:

path = getRemainingPath(decodeInternal(request, pathWithinApp), servletPath, false);

fails to get the path, as it compares /bla/bla\bla (output of decodeInternal) with /bla/bla/bla (servletPath).

I'm not sure if it is fixable, maybe a backslash could be treated as being equal to a slash somewhere?

At the same time, I have to say that using urlDecode=false and alwaysUseFullPath=true with a default servlet mapping works well for us, so it may also be just be a documentation issue - I am not entirely sure about the meaning of alwaysUseFullPath.

@spring-issuemaster

This comment has been minimized.

Copy link
Collaborator Author

commented Jul 14, 2017

Rossen Stoyanchev commented

Modified title (was: "Paths with backslash incorrectly matched/mapped")

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.